RBAM - Role Based Access Control Manager
Management of RBAC Authorisation Data via a web interface

Role Based Access Manager (RBAM) is a Yii module that provides complete management of Authorisation Data (Authorisation Items, Authorisation Hierarchy, and Authorisation Assignments) for Yii’s Role Based Access Control system via a browser interface; it is intended for use in development and end-user administration environments.

RBAM has an intuitive “Web 2.0” interface to easily manage Authorisation Items (Roles, Tasks, and Operations), their hierarchy, and Authorisation Assignments. It presents all of an Authorisation Item’s information in one place providing a comprehensive overview and complete management of the item.

RBAM’s “Drill-down” and “Drill-up” features quickly show an item’s position in the Authorisation Hierarchy, what permissions it inherits (Drill down) and which Roles inherit its permissions (Drill up).

RBAM is built on top of Yii’s CAuthManager component and supports both of Yii’s built-in Authorisation Managers, CDbAuthManager and CPhpAuthManager, and authorisation managers extended from them.

The manual contains full configuration and usage details, and has loads of screenshots.

I have set the login to validate towards the tbl_user. I can log in and after initializing RBAM I can see my user having the role RBAC Manager.

If I now go to the page where I have http://www.johnspage...authitems/index (this is an internal link on my system so don't bother trying to go there). I can see the roles listed "RBAC Manager" claims to have two children. According to the documentation clicking the number of parents will drill down so I can see the sub roles of "RBAC Manager". Unfortunately this doesn't work.

The problem seems to be that I have a my site in a sub-folder of the web root. The javascript code running the ajax code is not prepared for that.

@mdomba
Thanks for the link, though there is one already in the topic. Do not understand your comments about the resources. I have changed it to include a link to a demo site and the manual, but from text about the manual, not any links to non-existent resources. Perhaps some confusion with an other extension?

Fixed issue with multiple assignments to a user (only seen on some servers)

Added validation to biz rule to ensure it is a valid PHP "return" statement

Changed initialisation to always add RBAM and default roles if not present. This allows RBAM to be easily added to existing RBAC authorisation data

Added count of users with permission for an item to Auth Item Overview and Auth Item relationship tabs

There is also now a downloadable demo with some pre-installed authorisation data.

Looks good. Multiple assignments are now working in my local environment.

I think you need to remove line 213 in AuthAssignmentsController.php.

It includes a call to

debugbreak();

. You probably only have that method locally.

I get this error message if I don't remove it:
Fatal error: Call to undefined function debugbreak() in /media/win_ws/johns_page/trunk/rbam_test/protected/modules/rbam/controllers/AuthAssignmentsController.php on line 21

Not sure. Because the error is coming from CArrayDataProvider, which in turn is called from ApArrayDataProvider, my guess is this is a bug in one of those.

I seem to recall that there are some differences between PHP 5.2 and 5.3 regarding array_multi_sort(). Please confirm which version of PHP you are using.

Also, do you see the error on other pages, for example the Auth Items overview page? The reason for asking is that the ApGridView and ApArrayDataProvider classes are used extensively in RBAM, so I would expect the same error to show itself on many pages (most in fact).

Final question, how many and what authorisation items already exist in your system when you try to generate more?

The minimal schema required by RBAM for the user table is CREATE TABLE tbl_user (
id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
username VARCHAR(128) NOT NULL,
); Goes without saying that in an application there will be other columns, e.g. password, email address, etc.

For the auth data, if using CPhpAuthManager, by definition there is no schema as the auth data is not stored in a database. If using CDbAuthManager, the schema is that used by Yii as per Yii's "web/auth" directory. RBAM detects the type of auth manager being used and takes care of everything for you.